Table of Contents

Slackware64-current ChangeLog (2014-03-28)

Fri Mar 28 03:43:11 UTC 2014

Packages

Upgraded

l/mozilla-nss-3.16-x86_64-1.txz
This update fixes a security issue:
The cert_TestHostName function in lib/certdb/certdb.c in the
certificate-checking implementation in Mozilla Network Security Services
(NSS) before 3.16 accepts a wildcard character that is embedded in an
internationalized domain name's U-label, which might allow man-in-the-middle
attackers to spoof SSL servers via a crafted certificate.
For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1492
(* Security fix *)